- Sep 22, 2014
The future of security software isn’t just blacklisting. Instead, it will often be something more like whitelisting — shifting from “everything is allowed except known-bad stuff” to “everything is denied except known-good stuff.”
More sophisticated tools should also harden the software we use, blocking techniques attackers use rather than fighting the losing battle of constantly adding new definitions.
Antivirus should be a last-ditch line of defense, not something you rely on to save you. To stay safe online, you should act as if you had no antimalware software on your computer at all.
Antivirus isn’t the cure-all it’s often considered. Don’t have a false sense of security because antimalware software is running on your computer.
Blacklisting Is Fighting a Losing Battle
Antivirus software relies on blacklisting and heuristics — and really, heuristics are just another type of blacklisting. Antimalware companies find malware in the wild, analyze it, and add “definitions” that antimalware software constantly downloads. Whenever you run an application, the antimalware software checks to see if it matches a definition and blocks it if it does.
Antimalware software also incorporates heuristics-based detection. Heuristics check to see if a piece of software behaves similarly to known malware. They can block new pieces of malware before definitions are available for them, but heuristics aren’t anywhere near perfect.
The problem with the blacklisting approach is that it assumes everything is safe by default, and then attempts to pick out the known-bad things. It would be more secure to flip this upside down — assuming everything is dangerous and shouldn’t run unless it’s been proven to be safe.
Antimalware software still works fairly well against random older malware you might encounter online. But, against newer and smarter attacks, antimalware software often falls flat on its face. Don’t put all your trust in it to protect you.
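The difference between the two defaults can be seen in a small added example (not from the original article). It assumes, as a simplification, that a "definition" is just a SHA-256 hash of a file; the sample byte strings and function names are constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for program files (plain byte strings, not real software).
SAMPLES = {
    "known_good": b"constructed sample: approved text editor",
    "known_bad": b"constructed sample: catalogued malware",
    # Same catalogued sample with trailing bytes changed: no definition exists yet.
    "new_variant": b"constructed sample: catalogued malware (changed)",
    # Harmless, but nobody has reviewed or approved it.
    "unvetted_tool": b"constructed sample: unreviewed utility",
}

BLACKLIST = {sha256(SAMPLES["known_bad"])}   # the downloaded "definitions"
WHITELIST = {sha256(SAMPLES["known_good"])}  # programs explicitly approved to run

def blacklist_allows(data: bytes) -> bool:
    """Default allow: run anything whose hash matches no definition."""
    return sha256(data) not in BLACKLIST

def whitelist_allows(data: bytes) -> bool:
    """Default deny: run only what has been explicitly approved."""
    return sha256(data) in WHITELIST

def compare(samples: dict) -> dict:
    """Return {name: (blacklist_allows, whitelist_allows)} for each sample."""
    return {
        name: (blacklist_allows(data), whitelist_allows(data))
        for name, data in samples.items()
    }

if __name__ == "__main__":
    print(f"{'sample':<15}{'blacklist':<12}{'whitelist'}")
    for name, (bl, wl) in compare(SAMPLES).items():
        verdict = lambda ok: "run" if ok else "block"
        print(f"{name:<15}{verdict(bl):<12}{verdict(wl)}")
```

The unseen variant runs under the blacklist and is blocked under the whitelist; the cost of default-deny is the last row, where a harmless but unapproved program is blocked as well.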